Business Continuity and Disaster Recovery Planning from an Information Technology Perspective
Presenter: David Bird, Director of Sales, Business Technology Consultant
phone: 215-672-7100
email: dbird@quatro.com
Quatro Systems, Inc 2008
Table of Contents
Introduction
Statistics
Recent Events
What should we be thinking about from an IT perspective?
  ◦ Getting Started
  ◦ Key Metrics
  ◦ Best Practices
Introduction
• Why should you care about this presentation?
  ◦ Increased dependence for businesses on IT;
  ◦ Reliance on business-critical information;
  ◦ Importance of protecting irreplaceable data;
  ◦ Most companies rely on their computer systems as critical infrastructure in their business;
  ◦ Most companies are aware that they need to back up their data to limit data loss and to aid data recovery;
  ◦ Most companies do not have a disaster recovery plan;
Introduction
• The “goal” of this presentation…
  ◦ Is to create awareness of the basics of what you need to know about Business Continuity and Disaster Recovery Planning;
  ◦ Learn about some proven, affordable strategies for your company;
Statistics
• Most large companies spend between 2% and 4% of their IT budget on disaster recovery planning;
• Of companies that had a major loss of computerized data without a disaster recovery plan (Gartner Group):
  ◦ 43% never reopen;
  ◦ 51% close within two years;
  ◦ only 6% will survive long-term;
Statistics
• Fires permanently close 44% of the businesses affected;
• In the 1993 World Trade Center bombing, 150 businesses out of 350 affected failed to survive the event;
• The firms affected by the Sept. 11 attacks with well-developed and tested BCP manuals were back in business within days;
Recent Events (catastrophic occurrences)
• 9-11
• Hurricanes Katrina & Wilma
• Fires in Southern California
• Tornadoes in the Midwest
• For more information: http://www.fema.gov/index.shtm
Recent Events (human driven)
• SPAM and Virus attacks
• Cyber attacks
• Decentralized Data
• Power Outages
• Equipment Failures
• Employee Negligence
• Social Engineering
From an IT perspective, what should we be thinking about?
• What state would my business be in if we experienced one of these events?
• How long would it take for me to recover?
• Define all of the efforts needed to get us back in operation.
• How much revenue would we lose if we were “down and out” for 24, 48, 72 hours?
• How safe are my company’s “crown jewels”?
From an IT perspective, what should we be thinking about?
• Hardware Failures
  ◦ Storage Equipment, Servers, Firewalls, Switches, Desktops, Laptops, PDAs, Printers, Copiers, Fax, etc.
• Application Failures
  ◦ Web-based, Messaging, Database, etc.
• Telecommunications Failures
  ◦ Voice (land and wireless) and Data
Getting Started!
• Define some important Terms & Metrics
  ◦ Business Continuity
  ◦ Disaster Recovery
  ◦ Key Business Processes
  ◦ Business Critical Systems and Data
  ◦ Recovery Point Objective (RPO)
  ◦ Recovery Time Objective (RTO)
Term: Business Continuity
• Defined as:
  ◦ An interdisciplinary concept used to create and validate a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical function(s) within a predetermined time after a disaster or extended disruption.
Term: Disaster Recovery
• Defined as:
  ◦ The process, policies and procedures of restoring operations critical to the resumption of business, including regaining access to data (records, hardware, software, etc.), communications (incoming, outgoing, toll-free, fax, etc.), workspace, and other business processes after a natural or human-induced disaster;
Key Metrics
• The Key Business Processes for your business…
  ◦ Defined as the collection of your business’s operations through which you fulfill your customers’ (internal or external) needs.
    ▪ Customer Order Process
    ▪ Purchasing
    ▪ Manufacturing
    ▪ Payroll
Key Metrics
• Business Critical Systems and Data
  ◦ The Systems
    ▪ IT infrastructure “the gear”
    ▪ Operating Systems
  ◦ The Data
    ▪ Email
    ▪ CRM
    ▪ ERP
    ▪ File Servers
    ▪ Website
    ▪ Phone System
Key Metrics
• Recovery Point Objective (RPO)
  ◦ Defined as the amount of data lost, measured in time.
  ◦ Example: If the last available good copy of data upon an outage was from 24 hours ago, then the RPO would be 24 hours.
Key Metrics
• Recovery Time Objective (RTO)
  ◦ Defined as the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.
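Added example, not part of the original presentation: a Python check of the two metrics defined above, measuring the data that would be lost at an outage from the last good backup copy and comparing tested restore times with the RTO. The targets, timestamps and restore times are constructed sample values, and the names achieved_rpo and assess are hypothetical.

```python
from datetime import datetime, timedelta

# Constructed targets in hours; systems are from the slides, the numbers are assumptions.
TARGETS = {
    "Email":        {"rpo": 4,  "rto": 8},
    "ERP":          {"rpo": 24, "rto": 48},
    "File Servers": {"rpo": 24, "rto": 72},
}

# Constructed backup catalog: (system, finished_at, verified_good).
BACKUPS = [
    ("Email",        datetime(2008, 6, 10, 6, 0), True),
    ("ERP",          datetime(2008, 6, 8, 23, 0), True),
    ("ERP",          datetime(2008, 6, 9, 23, 0), False),  # job failed: not a good copy
    ("File Servers", datetime(2008, 6, 9, 9, 0),  True),
]

# Constructed restore times (hours) measured in the last recovery test.
RESTORE_TESTS = {"Email": 6.5, "ERP": 52.0}
OUTAGE = datetime(2008, 6, 10, 9, 0)  # constructed outage time

def achieved_rpo(system, outage, backups):
    """Hours of data lost if `system` fails at `outage` (None if no good copy exists)."""
    good = [t for s, t, ok in backups if s == system and ok and t <= outage]
    if not good:
        return None
    return (outage - max(good)) / timedelta(hours=1)

def assess(outage, targets=TARGETS, backups=BACKUPS, restores=RESTORE_TESTS):
    """Return {system: [findings]}; an empty list means both objectives are met."""
    report = {}
    for system, goal in targets.items():
        findings = []
        lost = achieved_rpo(system, outage, backups)
        if lost is None:
            findings.append("no good backup copy")
        elif lost > goal["rpo"]:
            findings.append(f"RPO missed: {lost:.1f}h of data lost, target {goal['rpo']}h")
        took = restores.get(system)
        if took is None:
            findings.append("restore never tested")
        elif took > goal["rto"]:
            findings.append(f"RTO missed: restore took {took:.1f}h, target {goal['rto']}h")
        report[system] = findings
    return report

if __name__ == "__main__":
    for system, findings in assess(OUTAGE).items():
        print(system, "->", findings or "OK")
```

The failed ERP job is skipped because only a good copy counts, so the measured loss is taken from the older successful backup.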
Business Continuity Planning Lifecycle
Analysis Phase…
• Define the DR Team
• Rank your Key Business Processes
• Initiate the Planning Process
  ◦ Impact Analysis
  ◦ Threat Analysis
  ◦ Recovery Requirements (business & technical)
• Compile your Business Continuity Manual
Analysis Phase…
• Business Continuity Manual
  ◦ May be simply a printed manual stored safely away from the primary work location containing:
  ◦ The names, addresses, and phone numbers for crisis management staff;
  ◦ General staff members;
  ◦ Clients and vendors;
  ◦ Insurance contracts;
  ◦ The location of the offsite data backup storage media;
  ◦ Data/Systems Recovery Process
Analysis Phase…
• Business Continuity Manual
  ◦ Include recovery requirements
    ▪ Number and types of workstations
    ▪ Primary and secondary locations
    ▪ Key individuals involved in a recovery effort
    ▪ Key applications and data
    ▪ Maximum time allowed for an outage
    ▪ Peripheral requirements like computers, printers, copiers, faxes, etc.
Solutions Design Phase…
• Your goal is to identify the most cost-effective disaster recovery solutions based on RPO and RTO and on your company’s risk tolerance levels.
Solutions Design Phase…
• Important ranking of key business applications and processes:
  ◦ E-commerce;
  ◦ E-mail based communications;
  ◦ Production Processes;
  ◦ IT Services;
  ◦ Finance;
  ◦ Sales and Marketing;
  ◦ Customer Service;
  ◦ Accounting & Reporting;
Implementation Phase…
• Complete Assessment of your IT infrastructure;
• Review the Findings Report (Health Check);
• Make the necessary improvements;
• Document the new environment;
Testing and Organizational Acceptance Phase
• Test the plan in its entirety or in parts
  ◦ Power Outages
  ◦ Hardware Failures
  ◦ Telecommunications Outages
  ◦ Applications Test
  ◦ Business Process Test
Maintenance Phase…
• Confirm the information in the manual is accurate after your testing;
• Roll out the BCP with your staff and conduct some basic training;
• Continue to test and verify the readiness of your IT solutions;
• Review the BCP on an annual basis;
Important to note…
• Firms should ensure that their BCP manual is realistic and easy to use during a crisis;
• The BCP sits alongside crisis management and disaster recovery planning and is a part of an organization's overall risk management;
Best Practices to avoid hardware failures…
• Implement remote Monitoring and Management of your IT Infrastructure
  ◦ Comprehensive monitoring of your equipment: Storage, Servers, Switches, Firewalls, Computers, etc.;
  ◦ Proactive Management to prevent Cyber Attacks;
Best Practices in the event of a hardware failure…
• Implement a Back-up and Data Restore Process
  ◦ Utilize a centralized, automated back-up for your company PCs, files, applications, database servers, and storage units;
Best Practices in the event of a power outage…
• Due to power outages…
  ◦ Implement a battery back-up solution and surge protection strategy;
  ◦ Consider a diesel generator for your data center or facility;
Best practices to avoid application failures…
• E-mail Application Defense
  ◦ Filter spam and viruses before they enter your network;
  ◦ Implement a Hosted E-mail service with a provider that utilizes a secure, fully redundant data center;
  ◦ Implement a replica of your email systems in a data center;
  ◦ Keep your desktops, laptops and PDAs secure from viruses and theft;
Best practices to avoid application failures…
• Website Protection
  ◦ Host your website in a secure, fully redundant data center;
  ◦ Implement geographic redundancy for your website;
  ◦ Make sure you have a back-up of your website;
Best Practices to avoid Communications Failures…
• Voice and Data Service Protection
  ◦ Implement phone system redundancy;
  ◦ Hosted VOIP
  ◦ Don’t rely on a single Internet or Voice provider;
  ◦ Implement redundant connectivity;
  ◦ Move the critical systems to a hosted, fully redundant environment;
Who does this Stuff?
• Your IT Department
• Enterprise Account DR Providers
  ◦ Sungard
  ◦ Hewlett-Packard
• Regional Provider specializing in the SMB Market
  ◦ Make sure they have vast industry experience:
    ▪ Disaster Recovery & Business Continuity Planning
    ▪ Data Center and Hosting Solutions
    ▪ Enterprise Storage Solutions
Quatro’s Approach
• Business Continuity Consulting, Planning and Implementation
  ◦ Readiness Review
  ◦ Risk Assessment
  ◦ Business Impact Analysis
  ◦ Recovery Strategy Development
  ◦ Business Continuity Plan (IT)
  ◦ Rehearsal & Test Support
• Affordable Availability Services
  ◦ Hosting
  ◦ Co-Location
  ◦ Server and Application Image
  ◦ Remote Back Up and Replication
  ◦ Data Storage
  ◦ Hot Site
  ◦ Security (SPAM & Virus)
How do I contact you?
• David Bird
  ◦ Phone 215-672-7100 ext. 288
  ◦ Email dbird@quatro.com
  ◦ www.quatro.com
Thanks!